Changeset 34304 in project


Timestamp:
08/20/17 22:50:05 (5 weeks ago)
Author:
chust
Message:

[openssl] Added client-side SNI support

Location:
release/4/openssl/trunk
Files:
2 edited

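--- a/release/4/openssl/trunk/openssl.scm
+++ b/release/4/openssl/trunk/openssl.scm
@@ -244,4 +244,13 @@
                 #f)))))
        (apply ssl-abort loc sym args)))))
+
+(define (ssl-set-tlsext-hostname! ssl hostname)
+  (ssl-clear-error)
+  (ssl-result-or-abort
+   'ssl-set-tlsext-hostname! ssl
+   ((foreign-lambda int "SSL_set_tlsext_host_name" c-pointer c-string)
+    ssl hostname) #f
+   hostname)
+  (void))
 
 (define (ssl-set-fd! ssl fd)
@@ -554,16 +563,27 @@
 
 ;; connect to SSL server
-(define (ssl-connect hostname #!optional port (ctx 'sslv2-or-v3))
-  (receive (tcp-in tcp-out)
-    (tcp-connect hostname port)
-    (let* ((fd (net-unwrap-tcp-ports tcp-in tcp-out))
-           (ctx
-            (if (ssl-client-context? ctx)
-                (ssl-unwrap-client-context ctx)
-                (ssl-ctx-new ctx #f)))
-           (ssl
-            (ssl-new ctx)))
-      (ssl-set-connect-state! ssl)
-      (ssl-make-i/o-ports ctx fd ssl tcp-in tcp-out))))
+(define (ssl-connect hostname #!optional port (ctx 'sslv2-or-v3) sni-name)
+  (let* ((ctx
+          (if (ssl-client-context? ctx)
+              (ssl-unwrap-client-context ctx)
+              (ssl-ctx-new ctx #f)))
+         (ssl (ssl-new ctx))
+         (success? #f))
+    (dynamic-wind
+      void
+      (lambda ()
+        (when sni-name
+          (ssl-set-tlsext-hostname! ssl (if (string? sni-name) sni-name hostname)))
+        (ssl-set-connect-state! ssl)
+        (receive (tcp-in tcp-out)
+          (tcp-connect hostname port)
+          (receive (ssl-in ssl-out)
+            (ssl-make-i/o-ports ctx (net-unwrap-tcp-ports tcp-in tcp-out) ssl tcp-in tcp-out)
+            (set! success? #t)
+            (values ssl-in ssl-out))))
+      (lambda ()
+        (unless success?
+          (ssl-free ssl)
+          (set! ssl #f))))))
 
 ;; create listener/SSL server context
@@ -780,6 +800,6 @@
     ctx))
 
-(define (ssl-connect* #!rest args #!key hostname port)
-  (ssl-connect hostname port (apply ssl-make-client-context* args)))
+(define (ssl-connect* #!rest args #!key hostname port sni-name)
+  (ssl-connect hostname port (apply ssl-make-client-context* args) sni-name))
 
 (define (ssl-listen* #!key hostname (port 0) (backlog 4) (protocol 'tlsv12) (cipher-list "DEFAULT") certificate private-key (private-key-type 'rsa) private-key-asn1? certificate-authorities certificate-authority-directory (verify? #f))
@@ -796,5 +816,5 @@
     ear))
 
-(define (ssl-start* server? tcp-in tcp-out #!key (protocol 'tlsv12) (cipher-list "DEFAULT") certificate private-key (private-key-type 'rsa) private-key-asn1? certificate-authorities certificate-authority-directory (verify? (not server?)))
+(define (ssl-start* server? tcp-in tcp-out #!key (protocol 'tlsv12) (cipher-list "DEFAULT") certificate private-key (private-key-type 'rsa) private-key-asn1? certificate-authorities certificate-authority-directory (verify? (not server?)) sni-name)
   (unless (or certificate-authorities certificate-authority-directory)
     (set! certificate-authority-directory (ssl-default-certificate-authority-directory)))
@@ -814,5 +834,8 @@
       (if server?
         (ssl-set-accept-state! ssl)
-        (ssl-set-connect-state! ssl))
+        (begin
+          (when sni-name
+            (ssl-set-tlsext-hostname! ssl sni-name))
+          (ssl-set-connect-state! ssl)))
       (ssl-make-i/o-ports ctx fd ssl tcp-in tcp-out))))
 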
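Review bot: `ssl-start*` passes `sni-name` straight to `ssl-set-tlsext-hostname!` (new line 838), while `ssl-connect` (new line 576) accepts any true value and substitutes `hostname` when it is not a string, so `sni-name: #t` works through `ssl-connect*` but reaches the `c-string` foreign argument as a non-string in `ssl-start*`. Since `ssl-start*` has no hostname to fall back on, I would reject non-strings explicitly inside the `when`, e.g. `(unless (string? sni-name) (error 'ssl-start* "sni-name must be a string" sni-name))`, and add a comment on both entry points stating the accepted values. Also worth a comment: SNI stays off unless the caller asks for it, and setting it only tells the server which certificate to present; nothing in these hunks ties the name to certificate verification, so presumably that check lives elsewhere or is left to the caller. The body of `ssl-start*` is only partly visible here.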
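--- a/release/4/openssl/trunk/openssl.setup
+++ b/release/4/openssl/trunk/openssl.setup
@@ -19,5 +19,5 @@
   'openssl
   '("openssl.scm" "openssl.so" "openssl.import.so" "openssl-static.o")
-  '((version "1.8.0")
+  '((version "1.9.0")
     (static "openssl-static.o")
     (static-options "-lssl -lcrypto -lgdi32")))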